By Asher de Metz
Baltimore estimates that its ongoing ransomware attack will cost $18.2 million in recovery costs and delayed and lost revenue. The city has already spent $4.6 million on recovery in the four weeks since hackers encrypted files and took down voicemail, email and other critical city systems.
The attack is drawing comparisons to other high-profile ransomware attacks on city governments. In 2018, Atlanta was shut down by ransomware that could end up costing the city $17 million. Greenville, North Carolina, is a more recent victim, and is still recovering from an April ransomware attack more than a month later.
There have been at least 169 ransomware attacks on state and local municipalities since 2013, a number that’s likely on the low side given that attacks aren’t always publicised. With new ransomware variants arising, including some that infect systems even when no one clicks on a link in a phishing email, it’s only a matter of time before there are more victims.
Even if you’re not a city government, this should be a wake up call: Organisations need to take steps now before they come to work one day to find their devices locked down and their data encrypted. Here are a few basic ideas on how to get ahead of ransomware:
Organisations that have taken these steps need only to shut down the infected devices or segment, recover from the backups and go back to work.
For organisations that have already been hit and haven’t taken the necessary precautions, there are often just a few options, and none of them are great.
The first option is paying the hackers’ ransom request, usually in cryptocurrency. Most cities and municipalities have refused to do this — only 17% have admitted to paying the ransom. Paying is almost always a bad idea, as it tells the hackers you’re willing to pay and essentially puts a target on your back for future attacks.
The other option is to recover the infected systems and rebuild systems from scratch, a process that can take weeks in some cases. To gain the resources needed for that undertaking, some victims have declared a disaster. When the Colorado Department of Transportation had 2,000 computers encrypted by ransomware in early 2018, the Colorado Office of Information Technology issued a disaster declaration to elevate the attack to the level of a natural disaster, which gave the department access to the Colorado National Guard’s cybersecurity unit, logistics teams and other resources.
For businesses that don’t have those government resources, working with an experienced partner gives them the option gain access to expert resources and expedite a return to business as usual. But again, engaging with a partner is a step to take before you become the next victim of ransomware.
What are you doing to protect your data and your business?